Today we are excited to announce the release of a brand new plugin: Wordfence Login Security. This plugin is a completely standalone plugin and you don’t need to install the full version of Wordfence to take advantage of the specific security features included in it.
Wordfence Login Security is designed by our team to secure your login and authentication system. It’s worth noting that this plugin does not include the firewall, malware scanner and other features that the full Wordfence plugin comes with.
If you already have an alternative firewall solution in place and are covered for malware scanning, then this plugin is perfect for you because it secures your login system against several dangerous and targeted attacks.
Wordfence Login Security includes the following features:
- It provides robust two-factor authentication that is not vulnerable to cellphone SIM porting attacks.
- It includes a login page CAPTCHA that protects you from sophisticated credential stuffing attacks that use a wide range of IP addresses.
- It also includes XML-RPC protection.
These features are also included in the full Wordfence plugin. So if you are using Wordfence already, you don’t need to install this new plugin. You can learn more about how these features are available in Wordfence by checking out last week’s announcement post.
Why did we do this?
Over the last year we have spent a lot of time talking to WordPress users. One thing we learned, from larger companies especially, is that everyone’s situation is different. And that even means (gasp!) that some people can’t or don’t run Wordfence on some of their sites. The reasons vary, but in most cases there are many features they could benefit from using.
With that in mind, when we decided to completely rewrite our two-factor authentication feature we decided to also release it as a separate plugin. Our hope is that by making sets of related features available in “modular” plugins like this, that more websites will benefit from Wordfence protection. Our goal, after all, is to make the web safer. The more sites we can keep safe the better.
Do I need both plugins?
In a word, no. Wordfence Login Security and the full Wordfence plugin share the same code for these features. If you already have the full Wordfence plugin installed you already have all of the features available in Wordfence Login Security. If you try to install Wordfence Login Security, nothing will change.
Can I install the full Wordfence plugin if I have Wordfence Login Security installed?
Wordfence Login Security and Wordfence are built to play nicely together. They integrate seamlessly. If you are using Wordfence Login Security and then install the full version of Wordfence, all of your settings are preserved.
Once you install the full version of Wordfence, a new ‘Wordfence’ section will be added to your menu. The settings for Wordfence Login Security will appear in this area as one of the security features available to you.
Again, all your settings are preserved and you can continue knowing your site has the additional features that Wordfence includes like our firewall and malware scanner.
Do I need to upgrade to Premium to use Wordfence Login Security?
This plugin is free and you do not need to pay to use it. In addition, the features that are included in Wordfence Login Security are also available in the free version of the full Wordfence plugin.
The Wordfence team is committed to making the Web a safer place. We wanted to make these essential security features available to absolutely every WordPress site owner and user at no cost. We also built the plugin to be as widely compatible as possible so that there is no barrier to entry when it comes to securing your website against credential stuffing attacks and other attacks targeting your login system.
What’s next for Wordfence Login Security?
Our team spent the past year developing and testing Wordfence Login Security. Our team has taken the plugin through a rigorous QA process that ensures it is widely compatible, rock solid and ready for production. We have also performed a comprehensive security audit on it to ensure that there are no loopholes or issues that an attacker can exploit.
At this point, Wordfence Login Security is an extremely stable and robust security solution for your WordPress authentication system. Our intention is to set the standard for WordPress two-factor authentication with this product.
Our next steps are to listen to the community feedback while providing excellent support for our customers. This will help guide the product direction and our development team.
If you are not currently using the full version of Wordfence, we hope you will at the very least install Wordfence Login Security to protect your WordPress authentication system. Our team is installing this plugin on their own sites – in fact many have been running the beta version for months.
Wordfence Login Security is a huge step forward in helping secure WordPress and we hope you will help spread the word in the community that this plugin is available, completely free, and does an excellent job of improving the security posture of a WordPress website.
Wordfence/Defiant Founder and CEO